When a hacker owns an oscilloscope, it’s more than a possession. Weary nights are spent staring at the display, frantically twiddling the dials to coax out vital information. Over time, a bond is formed – and only the best will do for your scope. So why settle for the stock plastic dials when you could go for gold? Well in case you hadn’t noticed, we’re partial to a bit of over-engineering here at Hackaday, and [AvE] has upgraded his Rigol scope by adding metal knobs.

Employing his usual talent in the shop, [AvE] first turns the basic knob shapes from …

CA Technologies Support is alerting customers to multiple potential
risks with CA Privileged Access Manager. Multiple vulnerabilities
exist that can allow a remote attacker to conduct a variety of attacks.
These risks include seven vulnerabilities privately reported within
the past year to CA Technologies by security...

Git
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in git, the most significant of which may
lead to arbitrary code execution
Description: Multiple issues existed in git. These issues were
addressed by updating git to version 2.15.2.
CVE-2018-11235: Etienne Stalmans
CVE-2018-11233

It’s probably fair to say that anyone reading these words understands conceptually how physically connected devices communicate with each other. In the most basic configuration, one wire establishes a common ground as a shared reference point and then the “signal” is sent over a second wire. But what actually is a signal, how do the devices stay synchronized, and what happens when a dodgy link causes some data to go missing?

All of these questions, and more, are addressed by [Ben Eater] in his fascinating series on data transmission. He takes a very low-level approach to explaining the basics of …

[Will Donaldson] has been making robot snakes of all sorts. One of his snakes hugs the ground, slithering across it with a sine wave motion. Flipping it on its side and calling different code, that same snake also moves like an inchworm. Another of his snakes lifts parts of itself upward to move sideways across the ground, again using sine waves.

At first, his slithering snake would only oscillate in place on the floor. Looking more closely at biological snakes, he found that part of the reason they moved forward was due to their scales. The scales move smoothly over …

Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Ubuntu Security Notice 3675-2 - USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.

[Rulof Maker] is a master at making things from salvaged parts, and being an Italian lover of espresso coffee, this time he’s made an espresso machine. The parts in question are a piston and cylinder from an old motorbike, believe it or not, and parts from an IKEA lamp.

Why the piston and cylinder? For those not familiar with espresso machines, they work by forcing pressurized, almost boiling water through ground coffee. He therefore puts the water in the piston cylinder, and levers the piston down onto it, forcing the water out the bottom of the cylinder and through the …

When it comes to robots, we usually see some aluminum extrusion, laser-cut parts, maybe some 3D printed parts, and possibly a few Erector sets confabulated into a robot arm. This entry for the Hackaday Prize is anything but. It’s a robot chassis, a 3D printer, and the structural frame for any sort of moving project that’s made out of a special composite material.

[Marc]’s project for the Hackaday Prize is all about articulated mechanisms. Instead of the usual structural components, he’s using Hylite, a special material that’s basically a polypropylene core clad in a sheet of aluminum on both sides. …

The first program anyone writes for a microcontroller is the blinking LED which involves toggling a general-purpose input/output (GPIO) on and off. Consequently, the same GPIO can be used to read digital bits as well. A traditional microcontroller like the 8051 is available in DIP packages ranging from 20 pins to 40 pins. Some trade the number of GPIOs for compactness while other devices offer a larger number of GPIOs at the cost of complexity in fitting the part into your design. In this article, we take a quick look at applications that require a larger number of GPIOs and …

Ubuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.

Gentoo Linux Security Advisory 201806-4 - Multiple vulnerabilities have been found in Quassel, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 0.12.5 are affected.

Ubuntu Security Notice 3686-1 - Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

msploitego is the pentesting suite for Maltego. msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further.

Back in the 70s, you couldn’t swing a macrame plant hanger around a record store without knocking over numerous displays of albums featuring talkboxes. They were all over 70s music, kind of like how almost every 80s song has a sax solo and/or Michael McDonald on backing vocals. Not sure you’ve heard one being used? Trust us, you definitely have and just don’t realize it.

Talkboxes are essentially an amplifier and a speaker contained in a box. The speaker is the acoustic diaphragm type used in bullhorns and civil defense sirens. You run your guitar, keyboard, or electrified hurdy gurdy …

If you have a Raspberry Pi and have any interest in its peripherals, you may be familiar with the grinning pirate logo of the British company, Pimoroni. The Sheffield, UK based outfit first established a niche for itself as one of the go-to places for much of the essentials of Pi ownership, and has extended its portfolio beyond the Pi into parts, boards, and components across the spectrum of electronic experimentation. Their products are notable for their distinctive and colourful design language as well as their constant exploration of new ideas, and they have rapidly become one of those companies …

Most of us accumulate stuff, like drawers full of old cables and hard drives full of data. Reddit user [BaxterPad] doesn’t worry about such things though, as he built an impressive Network Attached Storage (NAS) system that can hold over 200TB of data. That’s impressive enough, but the real artistry is in how he did this. He built this system using ODroid HC2 single board computers running GlusterFS, combining great redundancy with low power usage.

The Odroid HC2 is a neat little single board computer that offers a single SATA interface and runs Linux. [BaxterPad] acquired sixteen of these, and …

We’d wager that most people reading these words have never used a loom before. Nor have most of you churned butter, or ridden in a horse-drawn wagon. Despite these things being state of the art technology at one point, today the average person is only dimly aware of their existence. In the developed world, life has moved on. We don’t make our own clothes or grow our own crops. We consume, but the where and how of production has become nebulous to us.

[David Heisserer] and his wife [Danielle Everine] believe this modern separation between consumption and production is …